diff options
| author | Chocobozzz <me@florianbigard.com> | 2020-04-30 15:03:09 +0200 |
|---|---|---|
| committer | Chocobozzz <chocobozzz@cpy.re> | 2020-05-04 16:21:39 +0200 |
| commit | bc90883f1a5e9c4ecb76ae358734b85be515af7f (patch) | |
| tree | 47d578c1d5a3a95e89f2badfade76b125de11084 /server/lib | |
| parent | a4995eb7ac5745f62604d70f7b2225ff33916d49 (diff) | |
| download | PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.tar.gz PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.tar.zst PeerTube-bc90883f1a5e9c4ecb76ae358734b85be515af7f.zip | |
Handle external login errors
Diffstat (limited to 'server/lib')
| -rw-r--r-- | server/lib/auth.ts | 18 | ||||
| -rw-r--r-- | server/lib/client-html.ts | 2 | ||||
| -rw-r--r-- | server/lib/plugins/register-helpers-store.ts | 4 |
3 files changed, 15 insertions, 9 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts index 1fa896f6e..7c1dd1139 100644 --- a/server/lib/auth.ts +++ b/server/lib/auth.ts | |||
| @@ -83,10 +83,13 @@ async function onExternalUserAuthenticated (options: { | |||
| 83 | return | 83 | return |
| 84 | } | 84 | } |
| 85 | 85 | ||
| 86 | if (!isAuthResultValid(npmName, authName, authResult)) return | ||
| 87 | |||
| 88 | const { res } = authResult | 86 | const { res } = authResult |
| 89 | 87 | ||
| 88 | if (!isAuthResultValid(npmName, authName, authResult)) { | ||
| 89 | res.redirect('/login?externalAuthError=true') | ||
| 90 | return | ||
| 91 | } | ||
| 92 | |||
| 90 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) | 93 | logger.info('Generating auth bypass token for %s in auth %s of plugin %s.', authResult.username, authName, npmName) |
| 91 | 94 | ||
| 92 | const bypassToken = await generateRandomString(32) | 95 | const bypassToken = await generateRandomString(32) |
| @@ -238,24 +241,27 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response) | |||
| 238 | 241 | ||
| 239 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { | 242 | function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) { |
| 240 | if (!isUserUsernameValid(result.username)) { | 243 | if (!isUserUsernameValid(result.username)) { |
| 241 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { result }) | 244 | logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username }) |
| 242 | return false | 245 | return false |
| 243 | } | 246 | } |
| 244 | 247 | ||
| 245 | if (!result.email) { | 248 | if (!result.email) { |
| 246 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { result }) | 249 | logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email }) |
| 247 | return false | 250 | return false |
| 248 | } | 251 | } |
| 249 | 252 | ||
| 250 | // role is optional | 253 | // role is optional |
| 251 | if (result.role && !isUserRoleValid(result.role)) { | 254 | if (result.role && !isUserRoleValid(result.role)) { |
| 252 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { result }) | 255 | logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role }) |
| 253 | return false | 256 | return false |
| 254 | } | 257 | } |
| 255 | 258 | ||
| 256 | // display name is optional | 259 | // display name is optional |
| 257 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { | 260 | if (result.displayName && !isUserDisplayNameValid(result.displayName)) { |
| 258 | logger.error('Auth method %s of plugin %s did not provide a valid display name.', authName, npmName, { result }) | 261 | logger.error( |
| 262 | 'Auth method %s of plugin %s did not provide a valid display name.', | ||
| 263 | authName, npmName, { displayName: result.displayName } | ||
| 264 | ) | ||
| 259 | return false | 265 | return false |
| 260 | } | 266 | } |
| 261 | 267 | ||
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts index 572bd03bd..4a4b0d12f 100644 --- a/server/lib/client-html.ts +++ b/server/lib/client-html.ts | |||
| @@ -119,7 +119,7 @@ export class ClientHtml { | |||
| 119 | // Save locale in cookies | 119 | // Save locale in cookies |
| 120 | res.cookie('clientLanguage', lang, { | 120 | res.cookie('clientLanguage', lang, { |
| 121 | secure: WEBSERVER.SCHEME === 'https', | 121 | secure: WEBSERVER.SCHEME === 'https', |
| 122 | sameSite: true, | 122 | sameSite: 'none', |
| 123 | maxAge: 1000 * 3600 * 24 * 90 // 3 months | 123 | maxAge: 1000 * 3600 * 24 * 90 // 3 months |
| 124 | }) | 124 | }) |
| 125 | 125 | ||
diff --git a/server/lib/plugins/register-helpers-store.ts b/server/lib/plugins/register-helpers-store.ts index a3ec7ef6a..e337b1cb0 100644 --- a/server/lib/plugins/register-helpers-store.ts +++ b/server/lib/plugins/register-helpers-store.ts | |||
| @@ -230,9 +230,9 @@ export class RegisterHelpersStore { | |||
| 230 | 230 | ||
| 231 | private buildSettingsManager (): PluginSettingsManager { | 231 | private buildSettingsManager (): PluginSettingsManager { |
| 232 | return { | 232 | return { |
| 233 | getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name), | 233 | getSetting: (name: string) => PluginModel.getSetting(this.plugin.name, this.plugin.type, name, this.settings), |
| 234 | 234 | ||
| 235 | getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names), | 235 | getSettings: (names: string[]) => PluginModel.getSettings(this.plugin.name, this.plugin.type, names, this.settings), |
| 236 | 236 | ||
| 237 | setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value), | 237 | setSetting: (name: string, value: string) => PluginModel.setSetting(this.plugin.name, this.plugin.type, name, value), |
| 238 | 238 | ||